mirror of https://github.com/fail2ban/fail2ban
28 lines
653 B
Plaintext
28 lines
653 B
Plaintext
# Fail2Ban configuration file for SELinux ssh authentication errors
|
|
#
|
|
|
|
[INCLUDES]
|
|
|
|
after = selinux-common.conf
|
|
|
|
[Definition]
|
|
|
|
_type = USER_(ERR|AUTH)
|
|
_uid = 0
|
|
_auid = \d+
|
|
_subj = (?:unconfined_u|system_u):system_r:sshd_t:s0-s0:c0\.c1023
|
|
|
|
_exe =/usr/sbin/sshd
|
|
_terminal = ssh
|
|
|
|
_anygrp = (?!acct=|exe=|addr=|terminal=|res=)\w+=(?:"[^"]+"|\S*)
|
|
|
|
_msg = (?:%(_anygrp)s )*acct=(?:"<F-USER>[^"]+</F-USER>"|<F-ALT_USER>\S+</F-ALT_USER>) exe="%(_exe)s" (?:%(_anygrp)s )*addr=<ADDR> terminal=%(_terminal)s res=failed
|
|
|
|
# DEV Notes:
|
|
#
|
|
# Note: USER_LOGIN is ignored as this is the duplicate message
|
|
# ssh logs after 3 USER_AUTH failures.
|
|
#
|
|
# Author: Daniel Black
|